Is there a way we can make a Windows secret dependent on an Active Directory secret? Then either using the Windows secret would use the password from the AD secret or updating the AD secret would automatically update the Windows secret.

I see a dependency feature in TSS, but it seems to be for updating external dependencies on a password. I do not think that can be used to make one secret dependent on another. I looked through the available dependency types and did not find anything like that.

If there is another good way to accomplish our goal, that would be fine too. We want to have each server listed separately in TSS for audit and session recording purposes. Plus that should make it easier for our users because individual secrets can contain the IP and port for each server. Using the launcher for the AD secret is not ideal because it prompts for an IP, which would require additional work for a user to look up. We can configure the Windows servers individually, but then we have lots of duplicate passwords that all need to be updated when the password is changed. And then if we enable Remote Password Changing, that probably would make things even worse.